CVE-2025-22011

Summary

In the Linux kernel, the following vulnerability has been resolved:

ARM: dts: bcm2711: Fix xHCI power-domain

During s2idle tests on the Raspberry CM4 the VPU firmware always crashes on xHCI power-domain resume:

root@raspberrypi:/sys/power# echo freeze > state [ 70.724347] xhci_suspend finished [ 70.727730] xhci_plat_suspend finished [ 70.755624] bcm2835-power bcm2835-power: Power grafx off [ 70.761127] USB: Set power to 0

[ 74.653040] USB: Failed to set power to 1 (-110)

This seems to be caused because of the mixed usage of raspberrypi-power and bcm2835-power at the same time. So avoid the usage of the VPU firmware power-domain driver, which prevents the VPU crash.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux522c35e08b53f157ad3e51848caa861b258001e4 < b8a47aa0b3df701d0fc41b3caf78d00571776be0affected
LinuxLinux522c35e08b53f157ad3e51848caa861b258001e4 < 393947e06867923d4c2be380d46efd03407a8ce2affected
LinuxLinux522c35e08b53f157ad3e51848caa861b258001e4 < f44fa354a0715577ca32b085f6f60bcf32c748ddaffected
LinuxLinux6.8affected
LinuxLinux0 < 6.8unaffected
LinuxLinux6.12.21 <= 6.12.*unaffected
LinuxLinux6.13.9 <= 6.13.*unaffected
LinuxLinux6.14 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References